Employers slow to comply with data protection code

Companies are continuing to breach the Data Protection Act by failing to
follow the necessary codes of practice.

According to a survey, seven out of 10 firms have failed to register with
the Information Commission – the first step they need to take to ensure
compliance.

Almost three in 10 companies either do not follow or are unaware if they are
following the codes according to the survey by recruitment consultancy Zebra.
The codes outline employers’ responsibilities when handling staff information
under the Data Protection Act.

Four out of 10 of the 140 employers polled report increasing demands on
their HR function since the first code on recruitment was published at the
beginning of this year.

Two-thirds of managers are unaware of their recruitment responsibilities
under the code and do not know which company staff member is responsible for
compliance. Seven out of 10 managers have not had data protection training and
more than half are largely unaware of their responsibilities under the DPA.

Only 56 per cent of companies have changed their recruitment processes in
response to the code. Just 12 per cent of employers report they would find
meeting staff requests for access to their individual data ‘very easy’, as
required under the act.

Tom Fisher, head of global HR systems at Logica, believes that a lack of
knowledge of the code and poor internal communication are hindering firms from
complying.

"A significant administration burden for the HR department arises from
the code. I am surprised that the figures [for breaching the code] are not
higher," he said.